EAPoL Authentication Process
© Copyright Lenovo 2016
The clients and authenticators communicate using Extensible Authentication
Protocol (EAP), which was originally designed to run over PPP, and for which the
IEEE 802.1X Standard has defined an encapsulation method over Ethernet frames,
called EAP over LAN (EAPOL). Figure
initiated by the client.
Figure 1. Authenticating a Port Using EAPoL
802.1x Client
EAPOL
Ethernet
EAPOL-Start
EAP-Request (Credentials)
EAP-Response (Credentials)
EAP-Request (Credentials)
EAP-Response (Credentials)
EAP-Success
1 shows a typical message exchange
Lenovo Switch
Authenticator
(RADIUS Client)
Port Unauthorized
Radius-Access-Request
Radius-Access-Challenge
Radius-Access-Request
Radius-Access-Accept
Port Authorized
Chapter 6: 802.1X Port-Based Network Access Control
RADIUS
Server
RADIUS-EAP
UDP/IP
119